The following are some network terms commonly used at Solutionary and within our industry.
10 BASE-T - An Ethernet network that uses a twisted pair (also known as RJ-45) cabling between a network interface card and a hub to tie the network together. The main advantage of this type of network is its ease of installation and expandability. Runs at 10 Mbps.
100 BASE-TX - An Ethernet network that uses a twisted pair (also known as RJ-45) cabling between a network interface card and a hub to tie the network together. The main advantage of this type of network is its ease of installation and expandability. Runs at 100 Mbps.
ADSL - Asymmetric Digital Subscriber Line (ADSL) allows for transfer speeds of 9 Megabytes per second into the computer and up to 800 kbps back up the telephone lines. ADSL uses standard telephone lines, but presently requires the user to install a separate telephone line.
Bandwidth -
In communications, the difference between the highest and lowest frequencies in a given range. In computer networks, greater bandwidth indicates faster data-transfer capability.
Bandwidth on demand -
In networks or telecommunications, a feature that allows a remote access device to initiate a second connection to a particular site so that the amount of data transferred to that site can reach a suitable level of speed.
Baud Rate -
Commonly, a reference to the speed at which a modem can transmit data. Often incorrectly assumed to indicate the number of bits per second (bps) transmitted, baud rate actually measures the number of events, or signal changes, that occur in 1 second. Because one event can actually encode more than 1 bit in high-speed digital communications, baud rate and bits per second are not always synonymous, and the latter is the more accurate term to apply to modems. For example, a so-called 9600-baud modem that encodes 4 bits per event actually operates at 2400 baud but transmits 9600 bps.
Broadband network -
Multiple carrier frequencies transmitting multiplexed signals on a single cable.
Destination address -
On a network, the unique identifier of where a signal is being sent to; the precise location code of the receipt point for a transmitted message.
Download -
Move data from a central storage area into memory or local storage on the client for subsequent processing. Transfer a file or data from one network node to another.
Ethernet -
A LAN Transmission standard. It is a 10 Mbps, CSMA/CD baseband network that runs over Thin Wire, Thick Wire, twisted-pair or fiber optic cable.
Ethernet address -
A unique identifying code on an Ethernet controller board in a PC or server machine on a network. The address is hard coded in the ROM, or can sometimes be changed by the Network software.
Fiber optic Data Distribution Interface (FDDI) -
In networks or telecommunications, a cable interface capable of transmitting data at 100 Mbps. Originally specified for fiber optic lines, it can also operate over twisted-pair cable for short distances.
Interface adapter -
Also called network adapter; an expansion card or other device used to connect a computer to a local area network.
Internet Protocol (IP) address -
The network address on a TCP/IP Network.
Network address -
In a network, every node has one or more addresses associated with it, including a Hardware address assigned by the device's manufacturer. Most nodes also have protocol-specific addresses assigned by a network manager.
Network Interface Card (NIC) -
A card with the necessary software and electronics to enable a device to communicate over a network.
RJ-45 port -
Standard port on a 10-BASE-T adapter.
Telnet -
The TCP/IP protocol for remote terminal connection to a network server.
Transmission Control Protocol/Internet Protocol (TCP/IP) -
A popular standardized protocol found in UNIX environments and throughout the Internet. TCP/IP was developed by the Department of Defense (DoD) for communication between computers.
Twisted-pair cable -
Inexpensive, copper cable comprised of one or more pairs of 18- to 24-gauge strands. The strands are twisted to improve protection against electromagnetic interference. It is used either shielded or unshielded in low-speed communications, such as telephone cable. In computing it is used only in baseband networks.
WAN -
Wide Area Network; a network that connects users at separate geographical sites, often covering several cities or countries, and in some cases spanning the globe.
Workstation -
In general, a combination of input, output and computing hardware that can be used for work by an individual. More often, however, the term refers to a powerful stand-alone computer of the sort used in computer-aided design and other applications requiring a high-end machine with considerable calculating or graphics capability.
The following are some security terms commonly used at Solutionary and within our industry.
Access -
(v) (1) To use. For example, programs can access memory, which means they read data from or write data to main memory. A user can access files, directories, computers, or peripheral devices. (2) A privilege to use computer information in some manner. For example, a user might be granted read access to a file, meaning that the user can read the file but cannot modify or delete it. Most operating systems have several different types of access privileges that can be granted or denied to specific users or groups of users.
Access code -
Same as password, a series of characters and numbers that enables a user to access a computer.
Access control -
Refers to mechanisms and policies that restrict access to computer resources. An access control list (ACL), for example, specifies what operations different users can perform on specific files and directories.
Accounting -
A mechanism, usually built into a computer operating system, for tracking how many resources a user consumes. Frequently confused with auditing.
Activity -
Instantiations of the data source that are identified by the analyzer as being of interest to the security administrator. Examples of this include (but are not limited to) network sessions, user activity, and application events. Activity can range from extremely serious occurrences (such as an unequivocally malicious attack) to less serious occurrences (such as unusual user activity that's worth a further look).
Agent -
The ID component that periodically collects data from the data source, sometimes performing some analysis or organization of the data. Also known as a sensor.
Analyzer -
The ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
Audit log -
The log of system events and activities generated by the operating system.
Audit trail -
A record showing who has accessed a computer system and what operations he or she has performed during a given period of time.
Authentication -
The process of identifying an individual, usually based on a username and password.
Authorization -
The process of granting or denying access to a network resource. Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on the user's identity.
Bastion host -
A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network.
Biometrics -
Generally the study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. Examples include computer analysis of fingerprints or speech.
Certificate -
A computer-based record, which at least (1) identifies the certification authority using it, (2) names or identifies its subscriber, (3) contains the subscriber's public key, and (4) is digitally signed by the certification authority using it. Also known as a "digital certificate."
Certificate authority -
A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be.
Challenge-response -
A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.
CHAP -
Challenge Handshake Authentication Protocol, a type of authentication in which the authentication agent (typically a network server) sends the client program a key to be used to encrypt the username and password. This enables the username and password to be transmitted in an encrypted form to protect them against eavesdroppers. Contrast with PAP.
Clipper chip -
An encryption chip designed under the auspices of the U.S. government. The government's idea was to enforce use of this chip in all devices that might use encryption, including computers, modems, telephones, and televisions. The government would control the encryption algorithm, thereby giving it the ability to decrypt any messages it recovered.
Crack -
To break into a computer system.
Data integrity -
Refers to the validity of data. Data integrity can be compromised in a number of ways.
Data source -
The raw information that an intrusion detection system uses to detect unauthorized or undesired activity. Common data sources include (but are not limited to) raw network packets, operating system audit logs, application audit logs, and system-generated checksum data.
Data vaulting -
The process of sending data off-site, where it can be protected from hardware failures, theft, and other threats. Several companies now provide Web backup services that will compress, encrypt, and periodically transmit a customer's data to a remote vault. In most cases, the vaults will feature auxiliary power supplies, powerful computers, and manned security. Also referred to as a remote backup service (RBS).
Digital certificate -
An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
Digital envelope -
A type of security that uses two layers of encryption to protect a message. First, the message itself is encoded using symmetric encryption, and then the key to decode the message is encrypted using public-key encryption. This technique overcomes one of the problems of public-key encryption, which is that it is slower than symmetric encryption. Because only the key is protected with public-key encryption, there is very little overhead.
Digital signature -
A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be.
DMZ -
A Demilitarized Zone is used by a company that wants to host its own Internet services without exposing its private network to unauthorized access.
The DMZ sits between the Internet and an internal network's line of defense, usually some combination of firewalls and bastion hosts.
Dongle -
A device that attaches to a computer to control access to a particular application. Dongles provide the most effective means of copy protection. Typically, the dongle attaches to a PC's parallel port. On Macintoshes, the dongle sometimes attaches to the ADB port. The dongle passes through all data coming through the port so it does not prevent the port from being used for other purposes. In fact, it's possible to attach several dongles to the same port.
DoS Attack -
Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
Encryption -
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
Event -
A notification from an analyzer to the security administrator that a signature has triggered. An event typically contains information about the activity that triggered the signature, as well as the specifics of the occurrence.
File assessment -
A technology in which message digest hashing algorithms are used to render files and directories tamper-evident.
Firewall -
A computer or router (or combination thereof) configured to permit or deny specific kinds of traffic through it. Usually used to protect a network from potentially hostile outside networks; intranetwork firewalls, however, are becoming more popular. Available in a variety of strengths and reliability.
Hack -
(n) An inelegant and usually temporary solution to a problem.
(v) To modify a program, often in an unauthorized manner, by changing the code itself.
Hacker -
A slang term for a computer enthusiast. Among professional programmers, the term hacker implies an amateur or a programmer who lacks formal training. Depending on how it is used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation.
Intrusion -
Somebody ("hacker" or "cracker") attempting to break into or misuse a system.
IPsec -
Short for IP Security, a set of protocols being developed by the IETF to support secure exchange of packets at the IP layer. Once it is completed, IPsec is expected to be deployed widely to implement Virtual Private Networks (VPNs).
IP Spoofing -
A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted port.
NAT -
Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.
Network intrusion detection systems (NIDS) -
Monitors packets on the network wire and attempts to discover if a hacker/cracker is attempting to break into a system (or cause a denial of service attack).
OPS -
The Open Profiling Standard is similar to P3P, but is not being worked on by the W3C. Instead, it has been adopted as part of P3P. OPS allows secure transfer of data from a user's browser, but doesn't require that a Web site release its privacy policy. Therefore, the user must manually choose what info will be sent to that site.
P3P -
Platform for Privacy Preferences is a specification that will allow users' Web browsers to automatically understand Web sites' privacy practices. Privacy policies will be embedded in the code of a Web site. Browsers will read the policy, and then, automatically provide certain information to specific sites based on the preferences set by the users. For instance, if the site is an e-commerce site, the browser will automatically provide shipping info. If the site is requesting demographic info, then the browser will know to provide it anonymously.
Packet filtering -
Controlling access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP addresses of the source and destination.
PAP -
Short for Password Authentication Protocol, the most basic form of authentication, in which a user's name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted. The Basic Authentication feature built into the HTTP protocol uses PAP. The main weakness of PAP is that both the username and password are transmitted "in the clear" -- that is, in an unencrypted form. Contrast with CHAP.
Password -
A secret series of characters that enables a user to access a file, computer, or program.
Phreaking -
Closely related to hacking, using a computer or other device to trick a phone system. Typically, phreaking is used to make free calls or to have calls charged to a different account.
PKI -
Short for public key infrastructure, a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction.
RBL -
Created by Mail Abuse Prevention System (MAPS) LLC., Realtime Blackhole List consists of IP addresses whose owners refuse to stop the proliferation of spam.
The RBL usually lists server IP addresses from ISPs whose customers are responsible for the spam and from ISPs whose servers are hijacked for spam relay.
Secure server -
A Web server that supports any of the major security protocols, like SSL, that encrypt and decrypt messages to protect them against third-party tampering.
SET -
Short for Secure Electronic Transaction, a new standard that will enable secure credit card transactions on the Internet. Virtually all the major players in the electronic commerce arena, including Microsoft, Netscape, Visa, and MasterCard, have endorsed SET.
S-HTTP -
An extension to the HTTP protocol to support sending data securely over the World Wide Web. Not all Web browsers and servers support S-HTTP. Another technology for transmitting secure communications over the World Wide Web -- Secure Sockets Layer (SSL) -- is more prevalent. However, SSL and S-HTTP have very different designs and goals so it is possible to use the two protocols together. Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely. Both protocols have been submitted to the Internet Engineering Task Force (IETF) for approval as a standard.
Smart card -
A small electronic device about the size of a credit card that contains electronic memory, and possibly an embedded integrated circuit (IC). Smart cards containing an IC are sometimes called Integrated Circuit Cards (ICCs).
S/MIME -
Short for Secure/MIME, a new version of the MIME protocol that supports encryption of messages. S/MIME is based on RSA's public-key encryption technology.
Smurf -
A type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address.
Sniffer -
A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere.
SOCKS -
A protocol for handling TCP traffic through a proxy server. It can be used with virtually any TCP application, including Web browsers and FTP clients. It provides a simple firewall because it checks incoming and outgoing packets and hides the IP addresses of client applications.
Spoof -
To fool. In networking, the term is used to describe a variety of ways in which hardware and software can be fooled. IP spoofing, for example, involves trickery that makes a message appear as if it came from an authorized IP address.
SSH -
Developed by SSH Communications Security Ltd., Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels.
SSL -
Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet.
Steganography -
The art and science of hiding information by embedding messages within other, seemingly harmless messages. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.
Steganography (literally meaning covered writing) dates back to ancient Greece, where common practices consisted of etching messages in wooden tablets and covering them with wax, and tattooing a shaved messenger's head, letting his hair grow back, then shaving it again when he arrived at his contact point.
System integrity verifiers (SIV) -
Monitors system files to find when an intruder changes them (thereby leaving behind a backdoor).
System intrusion detection systems (SIDS) -
Monitors system files to find when an intruder changes them (thereby leaving behind a backdoor).
Token -
(1) In programming languages, a single element of a programming language. For example, a token could be a keyword, an operator, or a punctuation mark.
(2) In networking, a token is a special series of bits that travels around a token-ring network. As the token circulates, computers attached to the network can capture it. The token acts like a ticket, enabling its owner to send a message across the network. There is only one token for each network, so there is no possibility that two computers will attempt to transmit messages at the same time.
(3) In security systems, a small device the size of a credit card that displays a constantly changing ID code. A user first enters a password and then the card displays an ID that can be used to log into a network. Typically, the IDs change every 5 minutes or so.
Trojan Horse -
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Username -
A name used to gain access to a computer system.
X.509 -
The most widely used standard for defining digital certificates. X.509 is actually an ITU Recommendation, which means that it has not yet been officially defined or approved. As a result, companies have implemented the standard in different ways. For example, both Netscape and Microsoft use X.509 certificates to implement SSL in their Web servers and browsers. But an X.509 Certificate generated by Netscape may not be readable by Microsoft products, and vice versa.
The following are some encryption terms commonly used at Solutionary and within our industry.
Cipher text -
Data that has been encrypted. Cipher text is unreadable until it has been converted into plain text (decrypted) with a key.
Cryptography -
The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text.
Decryption -
The process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password.
DES -
Short for Data Encryption Standard, a popular symmetric-key encryption method developed in 1975 and standardized by ANSI in 1981 as ANSI X.3.92. DES uses a 56-bit key and is illegal to export out of the U.S. or Canada if you don't meet the BXA requirements.
Digital certificate -
An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
Digital wallet -
Encryption software that works like a physical wallet during electronic commerce transactions. A wallet can hold a user's payment information, a digital certificate to identify the user, and shipping information to speed transactions. The consumer benefits because his or her information is encrypted against piracy and because some wallets will automatically input shipping information at the merchant's site and will give the consumer the option of paying by digital cash or check. Merchants benefit by receiving protection against fraud.
MD5 -
An algorithm created in 1991 by Professor Ronald Rivest that is used to create digital signatures. It is intended for use with 32-bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
Message Digest -
The representation of text in the form of a single string of digits, created using a formula called a one-way hash function. Encrypting a message digest with a private key creates a digital signature, which is an electronic means of authentication.
Netcheque -
Registered users may write checks to other registered users through e-mail or other network protocols. When the check is deposited, it authorizes the transfer of funds from the issuer's account to the receiver's account. All information is kept on a netcheque server, which is responsible for keeping accounts for customers, approving payments, and making the necessary changes in client accounts.
Plain text -
Refers to textual data in ASCII format. Plain text is the most portable format because it is supported by nearly every application on every machine. It is quite limited, however, because it cannot contain any formatting commands.
Pretty good privacy -
A technique for encrypting messages developed by Philip Zimmermann. PGP is one of the most common ways to protect messages on the Internet because it is effective, easy to use, and free. PGP is based on the public-key method, which uses two keys -- one is a public key that you disseminate to anyone from whom you want to receive a message. The other is a private key that you use to decrypt messages that you receive.
Public key encryption -
A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.
Key -
A password or table needed to decipher encoded data.
RSA -
A public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technique. The RSA algorithm has become the de facto standard for industrial-strength encryption, especially for data sent over the Internet. It is built into many software products, including Netscape Navigator and Microsoft Internet Explorer. The technology is so powerful that the U.S. government has restricted exporting it to foreign countries.
Symmetric encryption -
A type of encryption where the same key is used to encrypt and decrypt the message. This differs from asymmetric (or public-key) encryption, which uses one key to encrypt a message and another to decrypt the message.
Symmetric-key cryptography -
An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Contrast this with public-key cryptology, which utilizes two keys -- a public key to encrypt messages and a private key to decrypt them.
The following are some virus related terms commonly used at Solutionary and within our industry.
Antivirus program -
A utility that searches a hard disk for viruses and removes any that are found. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.
Macro virus -
A type of computer virus that is encoded as a macro embedded in a document. Many applications, such as Microsoft Word and Excel, support powerful macro languages. These applications allow you to embed a macro in a document, and have the macro execute each time the document is opened.
According to some estimates, 75% of all viruses today are macro viruses. Once a macro virus gets onto your machine, it can embed itself in all future documents you create with the application. Antivirus programs can protect your system against most macro viruses, although new ones are always being created that slip by the antivirus filters.
Trojan horse -
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
Virus -
A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Most viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Some people distinguish between general viruses and worms.
Worm -
A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
The following are some commonly used acronyms at Solutionary and within our industry.
| Acronym | Long Form |
|---|---|
| PCI Acronyms | |
| CISP | Cardholder Information Security Program |
| DSS | Data Security Standards |
| PABP | Payment Application Best Practice |
| PCI | Payment Card Industry |
| ROC | Report on Compliance |
| SAQ | PCI Self-Assessment Questionnaire |
| Common Industry Terms | |
| ACL | Access Control List |
| AICPA | American Institute of Certified Public Accountants |
| CISSP | Certified Information Systems Security Professional |
| CobiT | Control Objectives for Information and related Technology |
| FQDN | Fully Qualified Domain Name |
| HIPAA | Health Insurance Portability and Accountability Act |
| IP | Internet Protocol (IP address) |
| ISO | International Standards Organization |
| ISP | Internet Service Provider |
| KGI | Key Goal Indicator |
| KPI | Key Performance Indicator |
| MSSP | Managed Security Services Provider |
| NIST | National Institute of Standards and Technology |